Install Ubuntu with access to GRUB only

在 BIOS 被鎖住、沒有光碟機也無法從 USB 開機的情況下安裝 Ubuntu Linux 的方法。

技術筆記,有需要再看。

The following method is what I work out when installing Ubuntu on a computer with following constraint:

  • BIOS is locked, so no booting from CD-ROM nor external USB drives, or
  • the CD-ROM drive itself is absent, and you don’t have a USB drive at hand.

Requirement:

  • Network access.
  • Target computer need to have GRUB already on board with access to it (It’s possible to install it from Windows/DOS but please have the files ready before you reboot.)
  • Access to boot partition (try recovery mode, i.e. append the word “single” after current kernel; if successful you can work directly from there)

In short, we would like to drop two files into the boot partition, and ask GRUB to boot it. After that the partition itself can be safely wipe out since files is used only in booting process.

Steps:

  1. Boot the machine
  2. Grab (wget) Miniual CD and Alternative Installer CD iso images
  3. Mount each of them, i.e. mount -o loop blah.iso /tmp/iso
  4. Copy /tmp/iso/initrd.gz from mini.iso to /boot/mini
  5. Copy /tmp/iso/installer/vmlinuz from alternative.iso to /boot/mini
  6. Reboot the machine, press Esc to enter grub boot menu.
  7. Press e to edit one of the entries
  8. Press e to edit the line begin with the word “kernel”. Change the kernel to /boot/mini/vmlinuz. Remove all kernel options.
  9. Press e to edit the line begin with the word “initrd”. Change the initrd image path to /boot/mini/initrd.gz
  10. Press b to boot.
  11. You should see Minimal Installer shows up. Minimal Installer will ask you what favor of Ubuntu you would like.

Why it works?

  • We need GRUB because BIOS is locked.
  • We need vmlinuz kernel from alternative installer because GRUB cannot access iso directly and minimal iso image doesn’t comes with a kernel.
  • We need initrd.gz from minimal installer because the alternative installer one checks existance of alternative installer CD-ROM (and data integrity of it)

On the security aspect, if you don’t want people tempering with your Linux box, lock BIOS, lock GRUB boot list, remove pre-installed single user boot menu entries, and attach an actual lock on the machine case. But then you are solely responsible to remember all the passwords you have set; no one can save you (without breaking anything) if you forget the password.

That’s all. Have fun with it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.